How "fool-proof" is the built-in Firewall of Windows?

We have all been using the built-in firewall through the control panel, set the in/out permissions and consider ourselves safe, but how fool-proof is it?

For example, I had noticed in the past (a few years ago) that some apps can change or alter those rules. Once, I installed VirtualBox and it added its own firewall rule to allow itself internet access (both in and out). I removed those rules, but when I upgraded VirtualBox to a newer version, it recreated them!

This led me to the question: how safe is the firewall really? If any app can add/subtract the rules, then what good is the firewall? Suppose somebody writes an app that adds a firewall rule to allow free access, then does everything they want (like creating a botnet, etc.) and then removes that rule. What will happen then? Will such an event even be recorded somewhere to later prove that the app did it?

You told Windows you trusted VirtualBox by OK'ing the UAC prompt you got before it let you install it.


OK. That means apps that don't trigger UAC prompts won't be able to alter the firewall? That makes me feel somewhat better, but even then, is there an Event Log entry or something written when an app actually does modify the rules?

(I clearly remember that VB did not ask my permission regarding internet access rules at that time. However, this was an early 3.x version; I have found that later 4+ versions of VB didn't change the firewall rules.)
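To answer the "is it recorded anywhere" question concretely: Windows can log every firewall rule addition, modification and deletion, but the Security-log side of it is off by default. The PowerShell below is an added example (not something posted in this thread); it enables the relevant audit subcategory, then lists recent rule changes from both the Security log and the firewall's own operational log, including the modifying application where the event records it. It assumes an elevated prompt and Windows 7 or later.

```powershell
# Added example (not from the thread): make Windows Firewall rule changes
# visible in the event logs and list the recent ones.
# Run from an elevated PowerShell prompt: changing audit policy and reading
# the Security log both require administrator rights.

# 1. Turn on the audit subcategory that records rule-level policy changes.
#    It produces Security-log events 4946 (rule added), 4947 (rule modified)
#    and 4948 (rule deleted). Without this, the Security log stays silent.
auditpol /set /subcategory:"MPSSVC Rule-Level Policy Change" /success:enable /failure:enable

$since = (Get-Date).AddDays(-7)   # look back one week (adjust as needed)

# 2. Security log: rule add/modify/delete events (only present after step 1).
$securityEvents = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4946, 4947, 4948
    StartTime = $since
} -ErrorAction SilentlyContinue

# 3. The firewall's own operational log records rule changes even without
#    audit policy: 2004 (added), 2005 (modified), 2006 (deleted). These
#    events also carry the modifying user and application path.
$firewallEvents = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
    Id        = 2004, 2005, 2006
    StartTime = $since
} -ErrorAction SilentlyContinue

# 4. Merge both sources into one timeline. Get-WinEvent returns $null when
#    nothing matched, so drop empty entries before sorting.
$all = @($securityEvents; $firewallEvents) | Where-Object { $_ -ne $null } |
       Sort-Object TimeCreated

$all | ForEach-Object {
    # Pull the named EventData fields out of the event XML.
    $x = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time       = $_.TimeCreated
        Log        = $_.LogName
        Id         = $_.Id
        Rule       = $data['RuleName']
        ModifiedBy = $data['ModifyingApplication']   # firewall-log events only
        User       = $data['ModifyingUser']          # firewall-log events only
    }
} | Format-Table -AutoSize
```

Forward these event IDs to a central log collector if you want the record to survive an app that adds a rule, does its work and deletes the rule again, since anything with local admin rights can also clear the local logs.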

It's not that any application can modify firewall rules, but any application run with administrative privileges. So yes, if you run an application with administrative privileges that application will be able to change the firewall settings, among many other things. For that reason you shouldn't run an application with administrative privileges unless that application has a specific need for it.

That somebody would still have to convince you to run his app with administrative privileges to be able to do that. UAC will prompt for that, and if it's not a trustworthy app, the user should not grant it administrator privileges. With UAC off (or in "never notify" mode) and running under an admin user account, any application will be able to obtain administrator privileges without prompting the user. This explains why running with UAC off is such a bad idea...


OK. So does that mean that granting administrative privilege on the UAC prompt provides something like root access in the Linux world? Meaning that the program can do just about anything it wants, including formatting the hard drive and wiping the partitions?

Yeah, it's basically the Windows equivalent of "sudo".
However, it's important to note that UAC is only really secure in its highest setting ("always notify"). The other settings grant silent auto-elevation to some of Windows' own executables, which is less annoying, but could potentially be exploited by malicious apps. That's the tradeoff between security and convenience.

Is the "Allowed Programs" list a way to see ALL "apps" that have admin privilege?

E.g. do I need to allow Nvidia's Shield streaming?


If you are talking about Windows Firewall, then no. It doesn't grant the app admin privilege, but only allows it to pass through the firewall. Admin privilege is a different thing where you right-click the app and click on "Run as Administrator" (or in case of some setup/msi installation files, that happens automatically as they try to perform some privileged tasks like changing the firewall rules and you get a UAC prompt).

As a general rule, you don't grant any program admin privilege unless you face an issue and specifically know that granting that privilege is going to solve it.

Given you can easily turn it completely off, it's not fool-proof at all. It does a reasonable job of keeping things out, but has always done a poor job of monitoring, inspecting, and limiting outbound communication.

As to fool-proof things in general, as soon as they build a fool-proof anything, along comes a better fool.